authorChristian Pointner <equinox@spreadspace.org>2020-03-17 15:07:43 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-03-17 15:07:43 +0100
commitcaea61f4fb8b66aa2a0dc7aa2d2b8a06477d9706 (patch)
tree46e799c4b39a0c3afee1459821ced62e49e858a3 /roles
parentremove xro dns zones (diff)
kubernetes role, cleanup and harmonization
Diffstat (limited to 'roles')
-rw-r--r--roles/docker/tasks/main.yml6
-rw-r--r--roles/kubernetes/base/tasks/main.yml15
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml23
-rw-r--r--roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j22
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml1
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j216
6 files changed, 35 insertions, 28 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index d4bba120..62712551 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -37,3 +37,9 @@
dpkg_selections:
name: "{{ docker_pkg_name }}"
selection: hold
+
+- name: Start and enable docker
+ service:
+ name: docker
+ enabled: true
+ state: started
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index f1802b0c..17251b82 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -31,24 +31,21 @@
- name: update apt cache
meta: flush_handlers
-- name: install kubelet and utils
+- name: install kubelet and common packages
apt:
name:
- - "kubelet{% if kubernetes_version is defined %}={{ kubernetes_version }}-00{% endif %}"
- - cri-tools
- - bridge-utils
+ - bridge-utils
+ - cri-tools
+ - "kubelet={{ kubernetes_version }}-00"
state: present
force: yes
- name: disable automatic upgrades for kubelet
- when: kubernetes_version is defined
- loop:
- - kubelet
dpkg_selections:
- name: "{{ item }}"
+ name: kubelet
selection: hold
-- name: configure crictl to use containerd
+- name: add crictl config for shells
loop:
- zsh
- bash
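Review bot: `force: yes` on the kubelet install task is unchanged context here, but this commit also adds it to the kubeadm/kubectl install task in roles/kubernetes/kubeadm/base/tasks/main.yml. The Ansible apt module documents it as the equivalent of apt-get's `--force-yes`, which turns off package signature checking as well as allowing downgrades. That weakens the supply-chain guarantee of the repository key for exactly the packages that run the cluster. If the flag is presumably only there so a pinned `={{ kubernetes_version }}-00` can replace a held or newer package, the narrower `allow_downgrade: true` and `allow_change_held_packages: true` options cover that on Ansible releases that provide them. Otherwise a comment such as `# force: needed to change a held/pinned version; also disables signature checks` would record the trade-off.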
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 8e913560..2d2bd324 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -1,18 +1,18 @@
---
-- name: install kubeadm and kubectl
+- name: install kubeadm packages
apt:
name:
- - haproxy
- - hatop
- - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
- - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
+ - haproxy
+ - hatop
+ - "kubeadm={{ kubernetes_version }}-00"
+ - "kubectl={{ kubernetes_version }}-00"
state: present
+ force: yes
-- name: disable automatic upgrades for kubeadm and kubectl
- when: kubernetes.pkg_version is defined
+- name: disable automatic upgrades for kubeadm/kubectl
loop:
- - kubeadm
- - kubectl
+ - kubeadm
+ - kubectl
dpkg_selections:
name: "{{ item }}"
selection: hold
@@ -25,7 +25,7 @@
line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}'
create: yes
-- name: add kubeadm completion for shells
+- name: add kubeadm config for shells
loop:
- zsh
- bash
@@ -58,3 +58,6 @@
marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###"
content: |
alias hatop="hatop -s /var/run/haproxy/admin.sock"
+
+# - name: prepare network plugin
+# include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
index 319cc1cb..2e0eaf5d 100644
--- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
+++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
@@ -37,5 +37,5 @@ backend kube_api
timeout connect 5s
timeout server 3h
{% for master in groups['_kubernetes_masters_'] %}
- server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
+ server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
{% endfor %}
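Review bot: The rewritten `server` line still ends in `check check-ssl verify none`, so the TLS health check on port 6442 accepts any certificate. Any host answering on that address would be marked healthy without proving it is an API server of this cluster. If the cluster CA is present on the node by the time haproxy starts, `check check-ssl verify required ca-file <path to cluster CA>` would pin the check to it. If verification is skipped deliberately because the CA does not exist before bootstrap, a template comment saying so would help the next reader. The `backend kube_api` block starts outside the hunk, so its mode and defaults are not visible here.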
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 115c8616..9bbe9ecc 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -103,6 +103,7 @@
delegate_facts: True
loop: "{{ groups['_kubernetes_nodes_'] }}"
+
## Network Plugin
# - name: install network plugin
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index f48a34f3..bb7f9a96 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -23,14 +23,14 @@ networking:
podSubnet: {{ kubernetes.pod_ip_range }}
serviceSubnet: {{ kubernetes.service_ip_range }}
apiServer:
- # extraArgs:
- # encryption-provider-config: /etc/kubernetes/encryption/config
- # extraVolumes:
- # - name: encryption-config
- # hostPath: /etc/kubernetes/encryption
- # mountPath: /etc/kubernetes/encryption
- # readOnly: true
- # pathType: Directory
+ extraArgs:
+ encryption-provider-config: /etc/kubernetes/encryption/config
+ extraVolumes:
+ - name: encryption-config
+ hostPath: /etc/kubernetes/encryption
+ mountPath: /etc/kubernetes/encryption
+ readOnly: true
+ pathType: Directory
{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %}
certSANs: []
{% else %}
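Review bot: With `encryption-provider-config` and the `encryption-config` hostPath volume now active, kube-apiserver will not start unless `/etc/kubernetes/encryption/config` exists before `kubeadm init`. The task that provisions it is not part of this diff, so it presumably exists elsewhere in the role and is worth confirming. That file holds the Secret-encryption key, so the directory should be root-only (`0700`, file `0600`). Every additional master needs the identical key, or it cannot read Secrets written by the others. A comment above `extraArgs` such as `# requires /etc/kubernetes/encryption/config (root-only, same key on all masters) before init` would document the dependency. The `apiServer` mapping continues past the end of the hunk.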